All ETDs from UAB

Advisory Committee Chair

Dale W Callahan

Advisory Committee Members

Douglas E Rigney

Joseph Popinski III

Lauretta Gerrity

Dalton Nelson

Document Type

Dissertation

Date of Award

2020

Degree Name by School

Doctor of Philosophy (PhD) School of Engineering

Abstract

Society generates 2.8 quintillion bytes of new data every day. Much of this data is sensitive information that should be protected from unauthorized access. Sensitive information is defined as information that, if compromised or misused, could adversely affect the privacy of the individual or organization. There are many types of information that fit this definition and places it is found, but for this discussion we will focus on:

• Personally Identifiable Information (PII) (e.g., birth date, social security number, driver’s license number, passport number).
• Medical information (e.g., insurance policy numbers, prescriptions, history).
• Consumer information (e.g., credit card, banking, insurance).
• Business information (e.g., company email, company documents).

The National Institute of Standards and Technology (NIST) guidelines recommend access to systems with sensitive information be secured with multi-factor authentication (MFA).

Mobile device use has increased greatly over the last several years. As mobile device hardware and software have advanced in capability, more users are choosing this over traditional desktop and laptop computers. In 2016, internet usage by mobile devices surpassed desktops and laptops for the first time. One can reasonably conclude that this increase in mobile device use as the preferred platform also results in increased use and storage of sensitive information on mobile devices. Mobile devices are generally secured by single factor authentication (SFA) which does not meet the NIST recommendations for securing systems with sensitive data.

Most input devices for computer systems (desktops, laptops, and mobile devices) are limited in the type and amount of data entered at one time. As examples, keyboards only input one character for each keypress, mouse clicks apply to only where the pointer is at that moment, and microphones receive bits of sound at a single point in time. Images from cameras, however, can convey vast amounts of data with a single input. This attribute makes the camera a particularly appropriate candidate for utilizing more than one authentication factor.

This research presents how to use images for submitting authentication factors, how to measure and score the security and usability of this approach as compared to standard MFA input methods, and if users find this approach more usable than the standard MFA input methods. The main objective of this research is to determine if using an image to input two factors of authentication (2FA), specifically Facial Recognition with Image Signaling (FRIS), is a viable alternative to traditional MFA options on smartphones in terms of security and usability.

Included in

Engineering Commons